This small series enables virtio-net device type in VDUSE. With it, basic operation have been tested, both with virtio-vdpa and vhost-vdpa using DPDK Vhost library series adding VDUSE support using split rings layout (merged in DPDK v23.07-rc1). Control queue support (and so multiqueue) has also been tested, but requires a Kernel series from Jason Wang relaxing control queue polling [1] to function reliably, so while Jason rework is done, a patch is added to disable CVQ and features that depend on it (tested also with DPDK v23.07-rc1). In this v5, LSM hooks introduced in previous revision are unified into a single hook that covers below operations: - VDUSE_CREATE_DEV ioctl on VDUSE control file, - VDUSE_DESTROY_DEV ioctl on VDUSE control file, - open() on VDUSE device file. In combination with the operations permission, a device type permission has to be associated: - block: Virtio block device type, - net: Virtio networking device type. Changes in v5: ============== - Move control queue disablement patch before Net devices enablement (Jason). - Unify operations LSM hooks into a single hook. - Rebase on latest master. Maxime Coquelin (4): vduse: validate block features only with block devices vduse: Temporarily disable control queue features vduse: enable Virtio-net device type vduse: Add LSM hook to check Virtio device type MAINTAINERS | 1 + drivers/vdpa/vdpa_user/vduse_dev.c | 65 +++++++++++++++++++++++++++-- include/linux/lsm_hook_defs.h | 2 + include/linux/security.h | 6 +++ include/linux/vduse.h | 14 +++++++ security/security.c | 15 +++++++ security/selinux/hooks.c | 32 ++++++++++++++ security/selinux/include/classmap.h | 2 + 8 files changed, 133 insertions(+), 4 deletions(-) create mode 100644 include/linux/vduse.h -- 2.43.0